Lucene search
K

364820 matches found

NVD
NVD
•added 2026/06/09 7:17 p.m.•13 views

CVE-2026-36791

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the savelistdata parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.00397EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•11 views

CVE-2026-36771

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS0.00329EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-36726

An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...

5.3CVSS0.00511EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-36777

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

6.5CVSS0.00217EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•13 views

CVE-2026-36728

A markdown based cross-site scripting XSS vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...

5.4CVSS0.00162EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-36770

Shenzhen Tenda Technology Co., Ltd Tenda USW3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS0.00329EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•13 views

CVE-2026-36772

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

6.5CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•18 views

CVE-2026-36773

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

6.5CVSS0.0018EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•14 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS0.00364EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS0.00998EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-36719

An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...

7.5CVSS0.00321EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•16 views

CVE-2026-36721

A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.8CVSS0.00268EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•13 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS0.00248EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•18 views

CVE-2026-36725

A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the noticecontent parameter...

6.1CVSS0.00181EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•11 views

CVE-2026-36722

An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...

5.4CVSS0.00217EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•14 views

CVE-2026-36724

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...

6.5CVSS0.00289EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...

9.8CVSS0.00573EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•10 views

CVE-2025-55658

GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

6.5CVSS0.00296EPSS
Exploits1References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•12 views

CVE-2025-52293

A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...

7.5CVSS0.00467EPSS
Exploits1References2
NVD
NVD
•added 2026/06/09 7:17 p.m.•10 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS0.00209EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:17 p.m.•10 views

CVE-2025-55659

A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

6.5CVSS0.00345EPSS
Exploits1References2
NVD
NVD
•added 2026/06/09 7:17 p.m.•16 views

CVE-2025-55651

A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00192EPSS
Exploits1References3
NVD
NVD
•added 2026/06/09 7:17 p.m.•13 views

CVE-2025-55657

A NULL pointer dereference in the gfodfvvccfgwritebs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

7.5CVSS0.00467EPSS
Exploits1References2
NVD
NVD
•added 2026/06/09 7:17 p.m.•11 views

CVE-2025-52292

A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

7.5CVSS0.005EPSS
Exploits1References2
NVD
NVD
•added 2026/06/09 7:16 p.m.•10 views

CVE-2023-43688

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...

7.5CVSS0.00217EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:16 p.m.•11 views

CVE-2023-29146

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...

8.2CVSS0.00123EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 7:16 p.m.•11 views

CVE-2023-43686

An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...

6.2CVSS0.00118EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:17 p.m.•13 views

CVE-2026-50636

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 6:17 p.m.•13 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

8.8CVSS0.00372EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 6:17 p.m.•12 views

CVE-2026-50512

Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00257EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:17 p.m.•13 views

CVE-2026-50511

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00329EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:17 p.m.•13 views

CVE-2026-48293

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00139EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•17 views

CVE-2026-44275

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS0.00097EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•14 views

CVE-2026-41116

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

6.3CVSS0.00085EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•16 views

CVE-2026-34706

InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00139EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•12 views

CVE-2026-34707

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00178EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•13 views

CVE-2026-34708

InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•15 views

CVE-2026-34703

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•13 views

CVE-2026-34705

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...

5.5CVSS0.00155EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•19 views

CVE-2026-34704

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

5.5CVSS0.0013EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•14 views

CVE-2026-34702

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•12 views

CVE-2026-34701

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•14 views

CVE-2026-34699

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•14 views

CVE-2026-34698

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•17 views

CVE-2026-34700

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00139EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•12 views

CVE-2026-34696

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00166EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•12 views

CVE-2026-34697

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•12 views

CVE-2026-34695

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•21 views

CVE-2026-34694

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

4.8CVSS0.00175EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 6:16 p.m.•23 views

CVE-2026-34693

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's...

8CVSS0.00206EPSS
Exploits0References1
Total number of security vulnerabilities364820